Doctoral Thesis: Towards Deployable Robust Text Classifiers
32-G882
Lei Xu
Abstract:
Classification has been studied for decades as a fundamental task in natural language processing. In this dissertation, we aim to develop more deployable and robust text classifiers, with a main focus on improving classifier robustness against adversarial attacks by developing both attack and defense approaches. Adversarial attacks are a security concern for text classifiers in which a malicious user can take a sentence and perturb it slightly to manipulate the classifier’s output. To design better attack methods, we focus on improving adversarial sentence quality and reducing computation. We propose two attacks, namely (1) a rewrite and rollback attack and (2) a single-word adversarial perturbation attack. To defend against these attacks, we propose two methods: (1) single-word adversarial perturbation data augmentation in training, and (2) an in situ data augmentation during inference. Finally, we explore the vulnerability of a very recent text classification architecture, prompt-based classifiers, and find them to be vulnerable to attacks as well. We also develop a library called Fibber to facilitate adversarial robustness research.
Details
- Date: Wednesday, August 31
- Time: 12:30 pm - 2:00 pm
- Category: Thesis Defense
- Location: 32-G882
Additional Location Details:
Thesis Supervisor: Dr. Kalyan Veeramachaneni
To attend via Zoom, please contact the doctoral candidate at leix@mit.edu